changes:
Fixes for compiling on nearly every platform,
including improved 64bit support
MSDOS Support
Add support for sending packets
OpenBSD pf format support
IrDA capture (Linux only)
appearently filtering in ieee802_11_radio packets works now
pkgsrc: enabled IPv6 for NetBSD too
For UNIX, 1.3.85 is the latest version in the 1.4 release cycle.
Notable recent improvements are included in Linux 2.4 client support,
several race condition fixes in the fileserver, and audit logging for all
servers on all platforms.
VDE is a virtual network that can be spawned over a set of physical
computers over the Internet.
VDE connects together: (1) real GNU-linux boxes (tuntap) (2) virtual
machines: UML-User Mode Linux, qemu, bochs, MPS.
VDE can be used:
- to create a general purpose tunnel (every protocol that runs on
Ethernet can be put into the tunnel)
- to connect a set of virtual machine to the Internet with no need of
free access of tuntap
- to support mobility: a VDE can stay interconnected despite of the
change of virtual cables, i.e. the change of IP addresses and
interface in the real world
Approved by zuntum@
Changes since last packaged version (0.35):
0.35a ??? [Never released] Fixed broken HTML: missing </font> tags.
Thanks to Torgen Foertsch
0.35.1 Repairing HTML
0.35.2 Again repair HTML. Thanks to Lars Mueller.
0.36-pre1
+ getopts
+ split_network
+ deaggregate
+ rename dqtobin bintodq
+ netblocks
+ accept hex netmasks (contribution)
+ remove garbage
+ rework argument handling
+ work all the time on integers, not machine type representations (pack)
+ eliminated unnessessary globals
+ replaced is_valid...
+ rewrote format_bin
+ various changes
+ applied fix for colorchange in format_bin scott baker
0.36-pre3
removed print_netmask
sticked formatbin and printline together to printline
(this marks new bits in supernets (former version didn't)
use label to decide what sfx to print
0.36-pre4
made subnets supernets
split / deaggregate work with new parameters
removed old functions
how to handle /31 and /32?
0.36-pre5
removed debug output in deaggregate
0.36-pre6
started netblocks
rework getclass
0.36
/31
2004
0.37-pre5
+handle /31 /32
+new html
+wrap_html
+GPL Header
0.37 2004-05-14 debian asked for a bug fix in 0.35
0.38 2004-10-08 ipcalc did not work on 64bit architectures.
Thanks to Foxfair Hu <foxfair(a)FreeBSD.org> for finding this bug
0.39 2005-07-07 Added output of class only option (-c --class), that was accidentally
removed in 0.36
Changed console color of bits back from white to yellow. (Requested by Oliver Seufer)
Added ipcalc.cgi and images to the package
Added license file to the package
Added license text in cgi-wrapper
Added contributors file to the package
0.40 2005-07-07 Make -c really do what it did before. (Giving the "natural" mask). Thanks
to Bartosz Fenski.
Include style sheet into ipcalc.cgi
Changes in this release:
- Opening a torrent that is already open in the GUI now has the correct behavior rather than
raising an error
- Backported --chop_max_allow_in from 4.1 to help fix TCP stack flaking out problem on Windows
- Robustly handle config files corrupted by Windows
- Better error messages when a torrent already meets seeding limits
- File filters
- The security issues mentioned in this update were incorporated
into patch-ak previously and a security advisory was already
made in regards to this.
> FreeRADIUS 1.0.4 ; Date: 2005/06/11 22:46:52, urgency=medium
>
> * Fix installation problem.
> * Increase a buffer size, so radrelay doesn't truncate values.
> * Updates in the documentation. Patches from Thor Spruyt.
>
> FreeRADIUS 1.0.3 ; Date: 2005/06/03 17:15:11, urgency=high
> Security Fixes
> * Always escape the strings in the SQL module.
> * Check buffer bound when input character needs escaping in
> the SQL module. Bug found by Primoz Bratanic.
>
> Bug fixes
> * Return EAP-Fail in Access-Reject, rather than an empty Access-Reject
> * Don't send Proxy-State from home server in TTLS.
> * Fixes for forking external programs, so the server doesn't
> suddenly stop processing requests, or stop forking programs.
> * radzap now works, but it's command-line options have changed
> completely, and it's a shell script.
> * radwho has updated command-line options, and no longer reads
> Unix "utmp" files.
> * Fix bug in calling checkrad script with NAS port > 9999999
> * Fix long-standing bug when both crypt and pthreads are in use
> * Don't SEGV when rlm_sql gets 'NULL' value from request.
> * Re-arrange code in radrelay to not duplicate accounting packets.
> * In rlm_attr_rewrite, change the value when the attribute type
> is different from string.
- Change to my NetBSD address
- From the Changelog:
> 1.23 Mon Jun 06 12:00:00 2005
> - Thanks to Achim Adam <achim.adam AT univie.ac.at>
> - Thanks to Malte S. Stretz <mss AT msquadrat.de>
> - Thanks to Ville Skytta <ville.skytta AT iki.fi>
> - Bugfixes in ip_reverse
> - Bugfix in ip_range_to_prefix for /31 subnets
>
>
> 1.22 Mon May 26 11:54:00 2005
> - Big Thanks to Achim Adam <achim.adam AT univie.ac.at>
> - Removed 5.008 dependency
> - Added fix for trailing zeros on reverse IPv4 addresses
> - Updated 'special' ranges for Ipv4 and IPv6
* Changes in Wget 1.10.
** Downloading files larger than 2GB, sometimes referred to as "large
files", now works on systems that support them. This includes the
majority of modern Unixes, as well as MS Windows.
** IPv6 is now supported by Wget. Unlike the experimental code in
1.9, this version supports dual-family systems. The new flags
`--inet4' and `--inet6' (or `-4' and `-6' for short) force the use of
IPv4 and IPv6 respectively. Note that IPv6 support has not yet been
tested on Windows.
** Microsoft's proprietary "NTLM" method of HTTP authentication is now
supported. This authentication method is undocumented and only used
by IIS. Note that *proxy* authentication is not supported in this
release; you can only authenticate to the target web site.
** Wget no longer truncates partially downloaded files when download
has to start over because the server doesn't support Range. Instead,
with such servers Wget now simply ignores the data up to the byte
where the last attempt left off, and only then continues appending to
the file. That way the downloaded file never shrinks, and download
retries from servers without support for partial downloads work even
when downloading to stdout.
** SSL/TLS changes:
*** SSL/TLS downloads now attempt to verify the server's certificate
against the recognized certificate authorities. This requires CA
certificates to have been installed in a location visible to the
OpenSSL library. If this is not the case, you can get the bundle
yourself from a source you trust (for example, the bundle extracted
from Mozilla available at http://curl.haxx.se/docs/caextract.html),
and point Wget to the PEM file using the `--ca-certificate'
command-line option or the corresponding `.wgetrc' command.
*** Secure downloads now verify that the host name in the URL matches
the "common name" in the certificate presented by the server.
*** Although the above checks provide more secure downloads, they
unavoidably break interoperability with some sites that worked with
previous versions, particularly those using self-signed, expired, or
otherwise invalid certificates. If you encounter "certificate
verification" errors or complaints that "common name doesn't match
requested host name" and are convinced of the site's authenticity, you
can use `--no-check-certificate' to bypass both checks.
*** Talking to SSL/TLS servers over proxies now actually works.
Previous versions of Wget erroneously sent GET requests for https
URLs. Wget 1.10 utilizes the CONNECT method designed for this
purpose.
*** The SSL/TLS-related options have been redesigned and, for the
first time, documented in the manual. The old, undocumented, options
are no longer supported.
** Passive FTP is now the default FTP transfer mode. Use
`--no-passive-ftp' or specify `passive_ftp = off' in your init file to
revert to the old behavior.
** The `--header' option can now be used to override generated
headers. For example, `wget --header="Host: foo.bar"
http://127.0.0.1' tells Wget to connect to localhost, but to specify
"foo.bar" in the `Host' header. In previous versions such use of
`--header' lead to duplicate headers in HTTP requests.
** The responses without headers, aka "HTTP 0.9" responses, are
detected and handled. Although HTTP 0.9 has long been obsolete, it is
still occasionally used, sometimes by accident.
** The progress bar is now updated regularly even when the data does
not arrive from the network.
** Wget no longer preserves permissions of files retrieved by FTP by
default. Anonymous FTP servers frequently use permissions like "664",
which might not be what the user wants. The new option
`--preserve-permissions' and the corresponding `.wgetrc' variable can
be used to revert to the old behavior.
** The new option `--protocol-directories' instructs Wget to also use
the protocol name as a directory component of local file names.
** Options that previously unconditionally set or unset various flags
are now boolean options that can be invoked as either `--OPTION' or
`--no-OPTION'. Options that required an argument "on" or "off" have
also been changed this way, but they still accept the old syntax for
backward compatibility. For example, instead of `--glob=off' you can
write `--no-glob'.
Allowing `--no-OPTION' for every `--OPTION' and the other way around
is useful because it allows the user to override non-default behavior
specified via `.wgetrc'.
** The new option `--keep-session-cookies' causes `--save-cookies' to
save session cookies (normally only kept in memory) along with the
permanent ones. This is useful because many sites track important
information, such as whether the user has authenticated, in session
cookies. With this option multiple Wget runs are treated as a single
browser session.
** Wget now supports the --ftp-user and --ftp-password command
switches to set username and password for FTP, and the --user and
--password command switches to set username and password for both FTP
and HTTP. The --http-passwd and --proxy-passwd command switches have
been renamed to --http-password and --proxy-password respectively, and
the related http_passwd and proxy_passwd .wgetrc commands to
http_password and proxy_password respectively. The login and passwd
.wgetrc commands have been deprecated.
* `wget -b' now works correctly under Windows.
Changelog:
0.9.4 - fix parsing of square brackets in string OID labels
- close the file descriptor in parse_config_file
- re-work of decoding infrastructure for CableHome
0.9.3 - update CMTS MIC calculation per DOCSIS 2.0 (added SubMgmt
settings to CMTS MIC calculation)
- fix decoding of long Strings in SNMP Objects
- add support for long Variable Bindings (>127)
- add support for TLV64 encode/decode for long SNMP Objects.
- add support for Downstream Channel List TLVs
- add support for TftpModemAddress and TftpTimeout TLVs
- make GenericTLVs easier to decode/encode when printable strings
are used
- fixed memory leaks (for the sake of it)
Changes:
20050523
- (dtucker) [configure.ac defines.h] Add flags to allow ntpd to build on
AIX, mostly from tomwilliams14 at comcast.net.
- (dtucker) [contrib/redhat/openntpd.spec] Specfile update from Bernhard
Weisshuhn (bkw at weisshuhn de):
- Use 'ntp' (not _ntp) with id 38 as privsep user
- Add openssl-devel to Build-Requires
- mkdir -p /var/empty/ntpd
- Added ChangeLog, README LICENCE and CREDITS as docfiles
- removed fluff, use %{_variables} where appropriate
- (dtucker) [configure.ac] Fall back to builtin arc4random if we don't find
a usable OpenSSL.
- (dtucker) [README] Update known-working platforms and misc info.
- (dtucker) [README] Add CVS Id.
- (dtucker) [configure.ac includes.h] Check for and include arpa/nameser.h,
fixes build on Solaris 2.5.1.
- (dtucker) [version.h contrib/redhat/openntpd.spec] Enter 3.7p1.
20050313
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/01/27 15:44:00
[client.c ntp.c ntpd.h]
Scale query interval by the overall offset not per-peer offset, so we
don't query outliers more often than any other server. ok henning@
- dtucker@cvs.openbsd.org 2005/01/28 13:01:32
[client.c server.c]
Make network unreachable errors non-fatal; ok henning@
- henning@cvs.openbsd.org 2005/01/28 13:32:24
[ntpd.c]
fatal() if daemon() fails, Alexander von Gernler <grunk@pestilenz.org>
- dtucker@cvs.openbsd.org 2005/01/28 13:37:20
[client.c ntp.c ntpd.h]
Simplify interval scaling and randomize query intervals; ok henning@
- henning@cvs.openbsd.org 2005/02/02 19:52:32
[ntpd.c]
usage() is __dead
pt out by Alexander v Gernler
- henning@cvs.openbsd.org 2005/02/02 19:57:09
[buffer.c ntpd.h]
buffer structs and API ssize_t -> size_t; from bgpd
- henning@cvs.openbsd.org 2005/02/02 20:03:52
[ntp.c]
KNF
- dtucker@cvs.openbsd.org 2005/02/03 11:53:33
[client.c ntpd.h]
Implement simple duplicate suppression of peer errors; ok henning@
- henning@cvs.openbsd.org 2005/02/21 18:58:43
[client.c]
fix an error message
- henning@cvs.openbsd.org 2005/02/22 13:03:24
[ntp.c]
when sending a query already returns a failure, we're not going to see
a reply to that query.
if we get errors for all queries and the initial settime() is still due
and thus the parent process still waits (not yet daemonized!), send an
IMSG_SETTIME with offset 0.
shortens the delay dramatically when you boot without network
idea from a discussion with theo
- henning@cvs.openbsd.org 2005/03/06 19:36:52
[imsg.c]
fix error message, Benedikt Steinbusch <bsteinb@hamazone.de>
- henning@cvs.openbsd.org 2005/03/08 13:31:40
[client.c]
let client_query return 0 if it requested dns resolution
- henning@cvs.openbsd.org 2005/03/08 15:28:55
[ntpd.c]
from the "shut the fuck up, ntpd" department:
move log_debug call to tell about skipping the settime due to lack of
answers down slightly below the 2nd (and final) log_init call so it becomes
a -d only thing. tested by dlg and me
- deraadt@cvs.openbsd.org 2005/03/08 15:37:16
[ntp.c]
missing break spotted by lint
- henning@cvs.openbsd.org 2005/03/08 15:59:36
[config.c]
from the "shut the fuck up, ntpd" department:
don't whine about temporary dns errors
- deraadt@cvs.openbsd.org 2005/03/08 17:27:14
[ntp.c]
knf
- henning@cvs.openbsd.org 2005/03/08 17:33:43
[ntp.c]
when trying short-circuit the wait for the first reply for -s, only
do so when
-we tried to send at least one query (that is the change)
-we could not send ou a single one without failure (this was already in
place but catched too much)
problem independently noticed by nick and danh, ok mickey danh, testing by
many
- henning@cvs.openbsd.org 2005/03/09 15:07:00
[imsg.c]
when, after processing all complete imsgs we found in the buffer,
there are some bytes left (less than an imsg header, or less than the
imsg header len field says) we copy it to the very beginning of the buffer.
use memmove instead of memcpy since it is not guaranteed that there's no
overlap. while memcpy on OpenBSD is safe, it might not elsewhere, and
we want our code to be correct anyways.
funny enough theo and I talked at length about that last week in dublin,
and I said I believe I had no memcpys with the chance of overlap in ntpd/
bgpd - well, here is one, and Alexander von Gernler <grunk@pestilenz.org>
pointed me to it.
- henning@cvs.openbsd.org 2005/03/09 21:31:11
[config.c ntpd.c]
nasty: host_dns used to run before forking and chrooting etc, so it was
guaranteed that its res_init() call was done once before fork etc...
that is no longer the case. call res_init() in main() early.
- dtucker@cvs.openbsd.org 2005/03/13 11:06:27
[ntpd.c]
Fixes in ntpd_settime (ie ntpd -s):
- Handle errors from syscalls better
- Prevent curtime.tv_usec from being negative for negative offsets.
- Don't claim to have done settimeofday if it fails.
ok henning@
(brought to my attention by holger at wizards.de)
- (dtucker) [defines.h] defined __dead if the system doesn't.
20050211
- (dtucker) [defines.h] Fix SA_LEN macro for platforms that have different
sized sockaddr_in and sockaddr_in6 structs but don't define their own
SA_LEN. Patch from Leonardo C. Filho <leonardo at fesppr br>.
20050127
- (dtucker) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/12/22 17:04:11
[ntpd.c]
d can be negative, take that into account when comparing to the logging
threshold. spotted by Constantine Murenin <mureninc@gmail.com>, mickey ok
- henning@cvs.openbsd.org 2004/12/23 17:10:10
[ntp.c]
KNF
- dtucker@cvs.openbsd.org 2005/01/27 11:32:29
[client.c ntp.c ntpd.h]
Delay before retrying a query on timeout; ok henning@
20050109
- (dtucker) [LICENCE] Fix typos and omissions, tidy up formatting.
- (dtucker) [LICENCE] Add CVS Id.
20050107
- (dtucker) [LICENCE] Add an OpenSSH-style licence summary.
20041222
- (dtucker) OpenBSD CVS Sync
- moritz@cvs.openbsd.org 2004/12/20 16:10:05
[ntpd.c]
some typos in log messages.
- henning@cvs.openbsd.org 2004/12/22 06:34:52
[ntp.c]
if our first getpwnam(), testing for NTPD_USER, succeeded, but the second
returns NULL, we don't need loooong explanations, but at least some
indicator what went wrong, From: Michael Knudsen <e@molioner.dk>
- dtucker@cvs.openbsd.org 2004/12/22 06:36:11
[server.c]
Save original value returned by getifaddrs to free later; ok henning@
- (dtucker) [openbsd-compat/uidswap.c] Include includes.h
20041220
- (dtucker) [README] Queries and bug reports to me.
- (dtucker) [configure.ac defines.h] on QNX, socklen_t is really size_t.
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/port-qnx.c]
Add an adjtime() function for QNX, written by Anthony O.Zabelin.
20041219
- (dtucker) [includes.h openbsd-compat/Makefile.in openbsd-compat/atomicio.c
openbsd-compat/atomicio.h openbsd-compat/bsd-arc4random.c
openbsd-compat/openbsd-compat.h]: Add atomicio from OpenSSH and use for
reading entropy sources to ensure complete reads.
- (dtucker) [defines.h] Remove some dead code.
- (dtucker) [openbsd-compat/bsd-arc4random.c] Use atomicio for write too.
20041218
- (dtucker) [configure.ac ntp.c ntpd.c openbsd-compat/Makefile.in
openbsd-compat/bsd-poll.c openbsd-compat/bsd-poll.h
openbsd-compat/openbsd-compat.h] Add a poll() replacement built around
select() and enable for platforms that don't have poll (eg QNX4). Poll
header file from OpenBSD, function written by me, tested on QNX4 by
Anthony O.Zabelin.
- (dtucker) [configure.ac] Alphabetize system-specific case block.
- (dtucker) [configure.ac bsd-misc.c] Add a dummy setgroups() function for
platforms that don't have it; from Anthony O.Zabelin.
- (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Make "long long"
support optional. From Anthony O.Zabelin.
- (dtucker) [configure.ac defines.h] Define __func__ macro as required,
stolen from OpenSSH.
- (dtucker) [configure.ac] Add configure-time settings for QNX4. From
Anthony O.Zabelin.
- (dtucker) [config.c] Add includes.h
- (dtucker) [configure.ac includes.h] Check for sys/timers.h and include.
- (dtucker) [openbsd-compat/bsd-arc4random.c] Add support for using EGD/PRNGD
sockets directly when configured --with-builtin-arc4random.
- (dtucker) [openbsd-compat/bsd-arc4random.c] Remove debugging messages.
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2004/12/15 00:44:20
[client.c]
If polling a server results in an error, drop that server to the maximum
poll interval; ok henning@
- dtucker@cvs.openbsd.org 2004/12/15 13:24:21
[client.c]
Factor out interval scaling code; ok henning@
- dtucker@cvs.openbsd.org 2004/12/15 13:29:25
[client.c]
Poll unsynchronized servers at the maximum interval and log a message about
them when in debug mode; ok henning@
- dtucker@cvs.openbsd.org 2004/12/16 01:38:59
[config.c ntpd.h]
Limit the number of addresses used by the 'servers' directive to 8;
ok henning@
20041215
- (dtucker) [includes.h ntpd.c] Fix warnings for RCSID from picky compilers
and user RCSID for the release string. Pointed out by Jason Mader.
- (dtucker) [includes.h] Undef sa_len macro if it's defined, to prevent
name collisions on IRIX. With Jason Mader.
- (dtucker) [Makefile.in] Zap a GNUmake-ism, spotted by Jason Mader.
- (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/openbsd-compat.h]
Tweak again to prevent warnings.
20041214
- (dtucker) [configure.ac] On IRIX, determine IOV_MAX from sysconf(8), based
on info from Jason Mader.
- (dtucker) [configure.ac] Move __need_IOV_MAX define into the Linux-specific
block, suggested by Jason Mader.
- (dtucker) [openbsd-compat/bsd-misc.c] Cast argv0 to char * to keep IRIX's
compiler happy. From Jason Mader.
- (dtucker) [Makefile.in] Add rules to ensure openbsd-compat gets rebuilt
properly.
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/12/07 11:06:12
[ntpd.8]
tweaks;
- mickey@cvs.openbsd.org 2004/12/08 16:47:38
[client.c ntp.h ntp_msg.c server.c util.c]
uniquely name members of s_fixedpt and l_fixedpt; henning@ ok
- mickey@cvs.openbsd.org 2004/12/08 18:35:16
[ntp_msg.c]
use two tiny macros for copying fields out to simplify reading; henning@ ok
- mickey@cvs.openbsd.org 2004/12/09 21:24:46
[client.c ntpd.h]
define TRUSTLEVEL_MAX for the trustedlevel value of 10; henning@ ok
- jaredy@cvs.openbsd.org 2004/12/10 04:54:18
[ntpd.8]
typos, then -> than, from Michael Knudsen
- dtucker@cvs.openbsd.org 2004/12/13 13:22:52
[client.c ntp.h]
Discard replies with alarm flag set or invalid stratum; ok henning@
- dtucker@cvs.openbsd.org 2004/12/13 13:36:02
[ntp.c]
Check for error status from poll() too; ok henning@
- dtucker@cvs.openbsd.org 2004/12/14 07:27:13
[ntp_msg.c]
sendto() takes socklen_t as an argument; ok henning@
20041213
- (dtucker) [openbsd-compat/asprintf.c] unsigned char -> char, silences
warning from IRIX's compiler. From Jason Mader (jason at ncac gwu edu).
20041212
- (dtucker) [ntpd.8] Remove some OpenBSD-specific references from the man
page. From Christian Gut (cycloon at is-root org).
- (dtucker) [configure.ac] Add defines needed for uid swapping functions
to work on IRIX. From Jason Mader (jason at ncac gwu edu).
Changes since 0.3.10:
- Changes include bug fixes to the tracker and to btlaunchmany[curses],
the Windows installers' being built using older versions of Python
and wxPython to fix the problem with the client sticking in the task
list, and the addition of a little sneakiness to help keep ISPs from
killing connections to seed clients.
- Today's release should fix the problem with clients hanging in the
task manager. It should also fix problems on 64-bit processors.
0.88 Jun 21 2005
- Change maintainer back to paul@seamons.com (Paul Seamons)
- Add run_n_children_hook to prefork servers (At suggestion of
James Fitzgibbon and Paul B. Henson)
- Make delete child only delete children it knows about.
Fixes ancient bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=168784
filed by Christian Mock and worked on by Lucas Filipozzi.
- Store $ENV{PWD} as part of script name for HUP'ing (Russel Pettway)
- Allow PreFork and PreForkSimple to have child mark
explicitly as done the same as other server types via
the ->done(1) call. (Idea from Marc Martinec)
- After numerous requests, the CHLD SIGNAL is now
set to DEFAULT in the child process of PreFork and
PreForkSimple servers. This should allow grand child processes to
run without affecting the child process (or parent).
- Fix parent/child communication channel buffering issue (Matt Sergeant)
- Check for child's sock before closing with
child_communication enabled (Alexander Hlawenka)
- Documentation fix (Mark Morgan)
- Allow 'stream' option for syslog_logsock property (Daniel Matuschek)
- Fix syslog format vulnerability. (Carlos Velasco) This has
potential to break some log implementations that were
planning on ->log passing all of @_ to syslog. Now only the
first item from @_ is passed as the message.
- Allow for '-' in group names. (Corey Minyard)
- Prevent locking caused by interupt of flock (Dietmar Maurer [cpan #11693])
- Finally fix UID/GID bugs during daemonization. This is the
biggest bug winner. The new model Calls POSIX::setuid and
setgid and tests for success by checking the values of $<
and $( and not by checking the response of the setuid/setgid functions.
- Add CIDR style lookups for allow/deny using cidr_allow and
cidr_deny (Carsten Wolff)
- Allow for port configured in perl to not have to be arrayref.
This bug was introduced in revision 1.7 where bind was determined to
be built-in only if libbind.* existed on the system, which isn't
necessarily true on systems where the resolver routines are incorporated
into libc, e.g. NetBSD.
We now consider bind to be built-in if BUILTIN_VERSION.bind is defined,
and we define BUILTIN_VERSION.bind only if /usr/sbin/named exists on
the system. We also improve the derivation of the version number of
BIND by parsing the named output, so we can now also detect bind-4.x
and bind-8.x.
Package changes:
Use PKG_OPTIONS_GROUP framework
Add package option 'python' to support the new python scripts flow-rpt2rrd,
flow-log2rrd and flow-rptfmt.
Changes since last packaged version (0.67):
* 5-11-2005 flow-tools 0.68 released.
* added flow-rpt2rrd - post process flow-report into RRD's.
* added flow-log2rrd - post process logs from
* added flow-rptfmt - post process flow-report into readable and HTML.
* ftstat.c s/psizr256/psize256/ - uebelacker@tuhh.de
* rec_v5->engine_id not set properly in ftdecode.c
- baldwinL@mynetwatchman.com
* --enable-lfs set flags for large file support - alexbrennen@gmail.com
* Added CryptoPAn support to flow-xlate
req by Abilene
* mailing list archive is available at mail-archive.com
req by spork@bway.net
* flow-cat.c: progress debug output - weinhold@berbee.com
* portability: gcc no longer supports goto label which label is at the
end of a compound statement - Andreas Jochens <aj@andaco.de>
* flow-stat.c: protect from divize by zero - should only happen on invalid
flows - - Espen.Breivik@uninett.no
* flow-filter.c: exaddr filter - Espen.Breivik@uninett.no
* ftxlate.c: tag-mask eval_tag_mask() not using correct offsets
- Cougar <cougar@random.ee> & kgraham@valueclick.com
* flow-send: default tx_delay to 0 like flow-fanout - rjd@merit.edu
* flow-export: debug should be global - dwatanab@uci.edu
* flow-report: path will accept spaces, ie |flow-rpt2rrd -p rrd -k 25
* flow-report: records is in rec1
* flow-fanout: did not set address family for receive fd - noted by
fingers@fingers.co.za
* docs: add FILES section to man pages
* flow-report: -hh to list available reports
* flow-report, flow-tag, flow-xlate, flow-nfilter. Run-time variable
expansion of the form @VAR or @{VAR:default} for config files.
* flow-receive: dropped inline tagging and nfilter support
* fix warnings produced by pkglint
* fix portname math in indexmaker
* accept extreme networks switches for ifAlias in cfgmaker
* set unknown values to 0 for threshold checking if unknonwnaszero is set
* updated NetWare integration
Changes:
Bugfixes on 0.0.9.x (backported from 0.1.0.10):
- Refuse relay cells that claim to have a length larger than the
maximum allowed. This prevents a potential attack that could read
arbitrary memory (e.g. keys) from an exit server's process.
Bugfixes on 0.0.9.x:
- If unofficial Tor clients connect and send weird TLS certs, our
Tor server triggers an assert. This release contains a minimal
backport from the broader fix that we put into 0.1.0.4-rc.
Approved by <jlam>
at any directories starting with ${WRKDIR}. This fixes the various
netsaint plugin scripts that had hardcoded ${WRKDIR} paths to tools.
Bump the PKGREVISION to 8.
